Home
Security rules, cognitive scaffolding, and hook enforcement for Claude Code projects.
AI-generated code produces 1.7x more issues per PR than human code. This framework adds structure: deterministic hooks that block dangerous commands, text rules that guide secure code generation, and cognitive scaffolding that builds developer capability instead of dependency.
```bash
git clone https://github.com/Fieldnote-Echo/claude-secure-config.git
bash claude-secure-config/setup.sh /path/to/your-repo
```

Then copy the hook template from hooks.md into your .claude/settings.json.
Add .claude/rules/org/ to your .gitignore. Updates arrive via git pull.
See Installation Options for copy mode, manual setup, and @import.
Three layers, each stronger than the last:

| Layer | Role | Can be ignored? |
|---|---|---|
| Hooks | Block rm -rf, git push --force, .env access, pipe-to-shell | No — deterministic enforcement |
| Rules | Guide secure coding, git hygiene, supply chain verification | Possible in long sessions (compaction) |
| Scaffold | Reduce sycophancy, surface trade-offs, build human capability | Possible, but shapes working style |
Hooks are the foundation. Rules degrade under compaction; hooks do not.
See Rule Architecture, Security Rules Design, and Cognitive Scaffolding.
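As an added illustration of the Hooks layer (not the project's own hooks.md template), the script below is a minimal PreToolUse deny-pattern hook for the four categories in the table. It assumes the Claude Code hook contract of a JSON tool call on stdin and exit status 2 to block; the regular expressions are deliberately broad and are assumptions, not the project's patterns.

```python
#!/usr/bin/env python3
"""Deny-pattern hook (added example, not the project's hooks.md template).
Assumes the Claude Code PreToolUse contract: the tool call arrives as JSON
on stdin ({"tool_name": ..., "tool_input": {"command": ...}}) and exit
status 2 blocks the call, with stderr shown back to the model."""
import json
import re
import sys

# (reason, pattern). Patterns err on the side of blocking: a false positive
# costs one retry, a false negative can cost the repository.
DENY_PATTERNS = [
    # rm with both a recursive and a force flag, in any order or spelling
    ("recursive force delete", re.compile(r"\brm\b(?=.*\s-\S*[rR])(?=.*\s-\S*f)")),
    ("force push rewrites shared history",
     re.compile(r"\bgit\s+push\b.*(--force\b|--force-with-lease\b|\s-f\b)")),
    # any .env or .env.<suffix> path token, e.g. "cat .env", "cp .env.local"
    ("reads or writes a .env secrets file", re.compile(r"(^|[\s/'\"])\.env(\.[\w-]+)?\b")),
    ("pipes a download straight into a shell",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
]


def check_command(command: str):
    """Return the deny reason for a shell command, or None if it is allowed."""
    for reason, pattern in DENY_PATTERNS:
        if pattern.search(command):
            return reason
    return None


def main() -> int:
    event = json.load(sys.stdin)
    if event.get("tool_name") != "Bash":  # only shell commands are inspected
        return 0
    command = event.get("tool_input", {}).get("command", "")
    reason = check_command(command)
    if reason is None:
        return 0
    print(f"Blocked by security hook ({reason}): {command!r}", file=sys.stderr)
    return 2  # assumed contract: exit 2 = deny the tool call


if __name__ == "__main__":
    sys.exit(main())
```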
- Installation Options — Symlink, copy, manual, @import
- Setup.sh Reference — All flags, provenance tracking, dry-run, uninstall
- Hook Configuration — settings.json template, deny patterns, sandboxing
- Customization Patterns — Internal rules, per-project overrides, compaction survival
- Rule Architecture — The 3-layer model and why it exists
- Security Rules Design — Pre-flight checks, non-derivable specifics, eval anchors
- Cognitive Scaffolding — Anti-sycophancy, progressive trust, deliberation
- Contributing — Rule design principles, testing, commit conventions
- Research and Sources — OWASP, CWE, OpenSSF, academic references
Six rule files (~255 lines, ~2,922 tokens):
| File | Layer | Purpose |
|---|---|---|
| security.md | Rules | Trust boundaries, injection, XSS, supply chain, MCP/tool trust |
| code-hygiene.md | Rules | Strict types, error handling, async safety, AI-specific failure modes |
| git-conventions.md | Rules | Safe git operations, commit format, AI attribution |
| cognitive-scaffold.md | Scaffold | Anti-sycophancy, friction worth keeping, dependency monitoring |
| deliberation.md | Scaffold | Pause before irreversible actions, progressive trust |
| task-protocol.md | Scaffold | Preflight questions for non-trivial tasks |
Plus hooks.md (deterministic enforcement) and setup.sh (the installer).